refactor: skip vpc dns validation if no domain suffix

Signed-off-by: thxCode <thxcode0824@gmail.com>

Author: thxCode

main.tf

@@ -34,8 +34,8 @@ data "aws_vpc" "selected" {
 
   lifecycle {
     postcondition {
-      condition     = self.enable_dns_support
-      error_message = "VPC needs to enable DNS support"
+      condition     = try(var.infrastructure.domain_suffix == null, false) || (self.enable_dns_support && self.enable_dns_hostnames)
+      error_message = "VPC needs to enable DNS support and DNS hostnames resolution"
     }
   }
 }
@@ -68,7 +68,7 @@ data "aws_kms_key" "selected" {
 }
 
 data "aws_service_discovery_dns_namespace" "selected" {
-  count = var.infrastructure.domain_suffix != null ? 1 : 0
+  count = try(var.infrastructure.domain_suffix != null, false) ? 1 : 0
 
   name = var.infrastructure.domain_suffix
   type = "DNS_PRIVATE"
@@ -110,45 +110,14 @@ locals {
 # Deployment
 #
 
+# create parameters group.
+
 locals {
   version = coalesce(var.engine_version == "6.0" ? "6.x" : var.engine_version, "7.0")
   version_family_map = {
     "6.x" = "redis6.x",
     "7.0" = "redis7",
   }
-  publicly_accessible = try(var.infrastructure.publicly_accessible, false)
-}
-
-# create security group.
-
-resource "aws_security_group" "target" {
-  name        = local.fullname
-  description = local.description
-  tags        = local.tags
-
-  vpc_id = data.aws_vpc.selected.id
-}
-
-resource "aws_security_group_rule" "target" {
-  description = local.description
-
-  security_group_id = aws_security_group.target.id
-  type              = "ingress"
-  protocol          = "tcp"
-  cidr_blocks       = local.publicly_accessible ? ["0.0.0.0/0", data.aws_vpc.selected.cidr_block] : [data.aws_vpc.selected.cidr_block]
-  from_port         = 6379
-  to_port           = 6379
-}
-
-resource "aws_elasticache_subnet_group" "target" {
-  name        = local.fullname
-  description = local.description
-  tags        = local.tags
-
-  subnet_ids = data.aws_subnets.selected.ids
-}
-
-locals {
   parameters = merge(
     {
       "cluster-enabled" = "no"
@@ -158,6 +127,7 @@ locals {
       if try(c.value != "", false)
     }
   )
+  publicly_accessible = try(var.infrastructure.publicly_accessible, false)
 }
 
 resource "aws_elasticache_parameter_group" "target" {
@@ -176,6 +146,39 @@ resource "aws_elasticache_parameter_group" "target" {
   }
 }
 
+# create subnet group
+
+resource "aws_elasticache_subnet_group" "target" {
+  name        = local.fullname
+  description = local.description
+  tags        = local.tags
+
+  subnet_ids = data.aws_subnets.selected.ids
+}
+
+# create security group.
+
+resource "aws_security_group" "target" {
+  name        = local.fullname
+  description = local.description
+  tags        = local.tags
+
+  vpc_id = data.aws_vpc.selected.id
+}
+
+resource "aws_security_group_rule" "target" {
+  description = local.description
+
+  security_group_id = aws_security_group.target.id
+  type              = "ingress"
+  protocol          = "tcp"
+  cidr_blocks       = local.publicly_accessible ? ["0.0.0.0/0", data.aws_vpc.selected.cidr_block] : [data.aws_vpc.selected.cidr_block]
+  from_port         = 6379
+  to_port           = 6379
+}
+
+# create group.
+
 resource "aws_elasticache_replication_group" "default" {
   description = local.description
   tags        = local.tags
@@ -205,6 +208,10 @@ resource "aws_elasticache_replication_group" "default" {
   snapshot_retention_limit = 5
 }
 
+#
+# Exposing
+#
+
 resource "aws_service_discovery_service" "primary" {
   count = var.infrastructure.domain_suffix != null ? 1 : 0